Veterans' ID Theft Protection Act of 2006 - Directs the Secretary of Veterans Affairs to take specified actions in response to the May 2006 breach of Department of Veterans Affairs (VA) data security, including: (1) repairing the breach, restoring the security and confidentiality of the sensitive financial personal information involved and the integrity of data security safeguards, and improving data security policies and procedures; and (2) notifying affected persons, each nationwide consumer reporting agency, and any other third parties who will be required to act to protect such persons from fraud or identity theft.
Makes the Secretary responsible for providing any notices and file monitoring required under this Act at no cost to the persons affected by the breach.
Requires the Secretary to make available to a person affected, upon request, a service that monitors nationwide credit activity from a consumer reporting agency for six months for free.
[Congressional Bills 109th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5487 Introduced in House (IH)]
109th CONGRESS
2d Session
H. R. 5487
To require the Secretary of Veterans Affairs to take certain actions to
mitigate the effects of the breach of data security that occurred, or
is likely to have occurred, in May, 2006, at the Department of Veterans
Affairs, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
May 25, 2006
Ms. Hooley (for herself, Mr. LaTourette, Ms. Bean, Mr. Baker, Mr. Moore
of Kansas, Mr. Kanjorski, Mr. Crowley, Mrs. McCarthy, Mr. Meeks of New
York, Mr. Hinojosa, Ms. Moore of Wisconsin, Mr. Clay, Mrs. Kelly, Ms.
Harman, Mr. Larson of Connecticut, Mr. Rahall, Mr. Delahunt, Ms.
Corrine Brown of Florida, Mr. Kucinich, Mr. Michaud, Mr. Davis of
Alabama, Mr. Al Green of Texas, Mr. Scott of Georgia, Mr. Lynch, Mr.
Grijalva, Ms. DeGette, Ms. Bordallo, Mr. Baca, Mr. Smith of Washington,
Mr. Clyburn, Mr. Conyers, Mr. Thompson of Mississippi, Mr. Dicks, Mr.
Inslee, Mr. Pomeroy, Mr. Filner, Mr. Ramstad, Ms. Wasserman Schultz,
Mr. Walden of Oregon, Mr. DeFazio, Mr. Baird, and Ms. Herseth)
introduced the following bill; which was referred to the Committee on
Veterans' Affairs
_______________________________________________________________________
A BILL
To require the Secretary of Veterans Affairs to take certain actions to
mitigate the effects of the breach of data security that occurred, or
is likely to have occurred, in May, 2006, at the Department of Veterans
Affairs, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Veterans' ID Theft Protection Act of
2006''.
SEC. 2. ACTIONS REQUIRED WITH RESPECT TO VETERANS ADMINISTRATION DATA
BREACH.
(a) In General.--With respect to the breach of data security that
occurred, or is likely to have occurred, in May, 2006, at the
Department of Veterans Affairs, the Secretary of Veterans Affairs shall
take the following actions with respect to such breach in addition to
any other actions the Secretary may determine to be appropriate.
(1) System restoration requirements.--The Secretary shall
take prompt and reasonable measures to--
(A) repair the breach and restore the security and
confidentiality of the sensitive financial personal
information involved to limit further unauthorized
misuse of such information; and
(B) restore the integrity of the Department's data
security safeguards and make appropriate improvements
to its data security policies and procedures.
(2) Notice requirements.--
(A) In general.--The Secretary shall without
unreasonable delay notify any person affected by the
breach in the manner provided in this paragraph, as
well as--
(i) each nationwide consumer reporting
agency described in section 603(p) of the Fair
Credit Reporting Act with respect to the breach
itself and each person affected by the breach;
and
(ii) any other appropriate critical third
parties who will be required to undertake
further action with respect to such information
to protect such persons from resulting fraud or
identity theft.
(B) Content of notice.--Any notice required to be
provided under subparagraph (A) by the Secretary to any
person affected by the breach shall be provided in a
standardized transmission or envelope clearly marked as
containing an important notice from the Department of
Veterans Affairs on stolen identity information, and
shall include the following in a clear and conspicuous
manner:
(i) An appropriate heading or notice title.
(ii) A description of the nature and types
of information and accounts as appropriate that
were, or are reasonably believed to have been,
subject to the breach of data security.
(iii) If known, the date, or the best
reasonable approximation of the period of time,
on or within which sensitive personal
information related to the consumer was, or is
reasonably believed to have been, subject to a
breach.
(iv) A general description of the actions
taken by the Secretary to restore the security
and confidentiality of the breached
information.
(v) A telephone number by which any person
affected by the breach may call the Department
of Veterans Affairs, free of charge, to obtain
additional information about how to respond to
the breach.
(vi) A copy of the summary of rights of
consumer victims of fraud or identity theft
prepared by the Federal Trade Commission under
section 609(d) of the Fair Credit Reporting
Act, as well as any additional appropriate
information on how the person affected by the
breach may--
(I) obtain a copy of a consumer
report free of charge in accordance
with section 612 of the Fair Credit
Reporting Act;
(II) place a fraud alert in any
file relating to the person at a
consumer reporting agency under section
605A of such Act to discourage
unauthorized use; and
(III) contact the Federal Trade
Commission for more detailed
information.
(vii) A prominent statement that file
monitoring will be made available upon request
in accordance with paragraph (3) to the person
affected by the breach free of charge for a
period of not less than 6 months, together with
a telephone number at the Department of
Veterans Affair for requesting such services.
The statement may also include such additional
contact information as a mailing address, e-
mail, or Internet website address.
(viii) The approximate date the notice is
being issued.
(C) Responsibility and costs.--
(i) In general.--The Secretary of Veterans
Affairs shall be--
(I) responsible for providing any
notices and file monitoring required
under this section with respect to such
breach; and
(II) responsible for the reasonable
actual costs of any notices provided
under this section.
(ii) No charge to persons affected by the
breach.--The cost for the notices and file
monitoring described in clause (i) may not be
charged to the persons affected by the breach.
(3) Free file monitoring.--The Secretary of Veterans
Affairs, if requested by the person affected by the breach
before the end of the 90-day period beginning on the date of
such notice, shall make available to the person, free of charge
and for at least a 6-month period a service that monitors
nationwide credit activity regarding a consumer from a consumer
reporting agency described in section 603(p) of the Fair Credit
Reporting Act.
(b) Negotiating Authority.--The Secretary of Veterans Affairs shall
have broad authority to secure the best possible price for credit
monitoring services on behalf of taxpayers.
(c) Authorization of Appropriations.--There are authorized to be
appropriated to the Secretary of Veterans Affairs the sum of
$100,000,000 to carry out the requirements of this section.
<all>
Introduced in House
Introduced in House
Referred to the House Committee on Veterans' Affairs.
Executive Comment Requested from Veterans' Affairs.
Unfavorable Executive Comment Received from Veterans' Affairs.
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line